Users, system integrators and suppliers are striking back against cybersecurity intrusions and attacks by sharing best practices, tools and services
Traffic cops keep watch
Of course, the ultimate aim of any cybersecurity effort is the same as that of any other plant-floor initiative, from basic loop control to advanced process optimization and safety: keep the application running as efficiently and profitably as possible. However, because constantly evolving probes and threats mean there’s no “set it and forget it” with cybersecurity, a secure network and the communications traffic on it must be constantly examined for anomalous performance that could indicate unauthorized and possibly malicious activity. Earlier network-monitoring tools like the IT-based simple network management protocol (SNMP) and related derivatives have given way in recent years to passive-monitoring software like SIEM that is less likely to hinder operations.
…John Cusimano, industrial cybersecurity director at aeSolutions, adds that, “Previously, people had to be convinced to address cybersecurity. Now, they want to know how to get started. The market is a lot more sophisticated now that many users already have some cybersecurity in place and are trying to improve it. However, even though many users write security policies and audit their facilities, we always discover vulnerabilities when we perform assessments in the field, such as unsecure TCP ports. Typically, we find there’s good segmentation from the business network to the process control network (PCN), but not a lot of segmentation within the PCN. I’d estimate that only about 25%…